Is a New Legal Framework Needed for the Cloud?

Kent Walker, Google’s SVP and general counsel, recently delivered a speech at The Heritage Foundation in Washington, D.C. His thoughts have opened the floodgates for new debates and discussions on cybersecurity, data privacy and, most importantly, on the need for a new legal framework for the cloud.

Digital communications and the rapid growth of technology now necessitate a renewed look at security and privacy issues, and at the legal flow of information to law enforcement to aid in their investigations. The rules written before the Internet era and before the Information Revolution are no longer valid or applicable. These current laws hinder user privacy and law enforcement activity alike.

Therefore, Google seeks to propose a new framework for the cloud that will aid in quicker and more efficient evidence gathering, lessen wait times and help solve crimes better. At the same time, these laws will comply with human rights, adhere to domestic and international law enforcement rules, commit to baseline user privacy and help in future policy reforms as well.

It is natural that an announcement like this would lead to debate and skepticism, but it is also important to understand the premise behind it. As Walker mentioned, we have seen a sea change in technology in the last decade.

Our lives are intrinsically linked to our digital activities. Access to this data is critical for solving crimes, which means there need to be immediate updates on the legal framework and digital-age warrants for governments.

In recent years, we have been focused on state intrusion and privacy rights — and rightly so. It is imperative that new laws are made that will protect citizens’ rights and offer appropriate access to law enforcement officers at the same time.

Data access should be simplified and accessible when it is needed most. Currently, the complicated and antiquated rules hamper investigations, leading to crimes going unsolved.

Then, there is the matter of international cooperation in the digital era. In the latter half of 2016, Google received 75,000 data requests from foreign law officers. While some countries have strict privacy rules in place, others lack baseline privacy standards. One hampers crime-solving, while the other hampers fundamental privacy rights.

A new standard for legal data access and international cooperation is warranted. This would not only balance individual rights and community interest but also aid the international officers of the law to stop criminals and terrorists and counter the growing instances of cyberthreats.

The migration to the cloud is inevitable. But as experts have pointed out, the speed and agility of cloud computing enable more data to be online and easily accessible by hackers.

As Walker said, the current system does not protect privacy, and neither does it aid in legitimate investigations. The new laws should also consider the vulnerability of data and ease of security breach as they consider the legal and regulatory compliances.

It’s not a lone battle for Google. Microsoft has petitioned to update the 1986 Electronic Communications Privacy Act (ECPA). The U.S. Chamber of Commerce, the Software Alliance, Verizon Communications, Cisco Systems and Amazon are supporting Microsoft in this uphill legal battle.

An increasing number of tech companies now store data around the world. But a request for access to that data for criminal investigations often leads to time-consuming legal wrangling. Walker’s proposal aims to overcome these barriers and create a direct path of communication and cooperation between officers in that country and the service providers.

Accomplishing this requires a change in laws on cloud computing — in the U.S and elsewhere.